Anti-money laundering (AML) focuses on prominent influential persons or politically exposed persons
The FIC Amendment Act enhances South Africa’s AML and CFT regulatory regime by specifically:
- Providing for the implementation of the UN Security Council Resolutions relating to the freezing of asset;
- Enhancing the supervisory powers of the FIC and extending its functions in relation to suspicious transactions;
- Providing for the adoption of a risk-based approach to customer due diligence measures;
- Introducing the concepts of beneficial ownership, ongoing due diligence, and foreign and domestic prominent influential persons;
- Enhancing the customer due diligence requirements;
- Dissolving the Counter-Money Laundering Advisory Council; and
- Enhancing certain administrative and enforcements mechanisms.
The Act has broadened and enhanced the elements of customer due diligence requirements as identified in the FATF Recommendations, namely:
- the determination of the customer’s identity;
- the duty to keep records;
- identifying the beneficial owner; and
- understanding the purpose and the intended nature of the business relationship.
The Act has introduced two new concepts under customer due diligence requirements:
- the ongoing due diligence of the customers transaction records; and
- the enhanced measures for persons entrusted with prominent public or private sector functions, or Prominent Influential Persons (PIPs) and Foreign Influential Persons (FIPs), whenever accountable institutions establish business relationships with clients.
Enhanced due diligence
Enhanced due diligence for Politically Exposed Persons (PEPs), now called PIPs, is being extended, so you will need to consider if a beneficial owner is a PIP. People with high level appointments in SA will now be a PEP (apologies, a PIP!), and enhanced measures will need to apply for a certain period after a PIP leaves office.
The enhanced due diligence measures to SA based PEPs will be on a risk sensitive basis. Where a PIP is a beneficial owner of a company it appears that it is the source of wealth and funds being used in the transaction that are to be assessed, which may be the company's funds rather than necessarily requiring an assessment of the PEP's wealth.
These classifications are meant to aid financial institutions in properly identifying their clients, and thereby enabling them to apply appropriate standards of due diligence. These classifications and requirements do not entail an assumption that PIPs are more likely to be involved in any criminal activity and are, therefore, not meant to prevent financial institutions from doing business with PIPs.
Defining a PIP/PEP
A Politically Exposed Person or PEP is the term used for an individual who is or has in the past (preferably 1 year after giving up any political function) been entrusted with prominent public functions in a particular country. The term should be understood to include persons whose current or former position can attract publicity beyond the borders of the country concerned and whose financial circumstances may be the subject of additional public interest. In specific cases, local factors in the country concerned, such as the political and social environment, should be considered when deciding whether a person falls within the definition.
The principles issued by the Wolfsberg Group* of leading international financial institutions, give an indication of best banking practice guidance on these issues. These principles are applicable to FSPs as well in respect of both domestic and international PEPs.
The following examples serve as aids in defining PEPs:
- Heads of State, Heads of Government and cabinet ministers;
- influential functionaries in nationalised industries and government administration;
- senior judges;
- senior political party functionaries;
- senior and/or influential officials, functionaries and military leaders and people with similar functions in international or supranational organisations;
- members of ruling or royal families;
- senior and/or influential representatives of religious organisations (if these functions are connected to political, judicial, military or administrative responsibilities);
- a current or former senior official in the executive, legislative, administrative, military or judicial branch of any government;
- a senior executive of a government owned commercial business, corporation or any such enterprise/entity;
- an immediate family member (spouse, parent, brother/sister, child/sibling, in-laws), relative, close personal associate of any such individual defined above.
According to the Wolfsberg* principles, families and closely associated persons of PEPs should also be given special attention by FSPs. The term 'families' includes close family members such as spouses, children, parents and siblings and may also include other blood relatives and relatives by marriage. The category of 'closely associated persons' includes close business colleagues and personal advisers/consultants to the PEP as well as persons, who obviously benefit significantly from being close to such a person.
The FSP should conduct proper due diligence on both a PEP and the persons acting on his or her behalf. Similarly, KYC principles should be applied without exception to PEPs, families of PEPs and closely associated persons to the PEP.
*The Wolfsberg Group is an association of twelve global banks, which aims to develop financial services industry standards, and related products for Know Your Customer (KYC), Anti-Money Laundering (AML) and Counter Terrorist Financing (CTF) policies.
FATF and PEPs
'Politically Exposed Persons' (PEPs) are individuals who are or have been entrusted with prominent public functions in a foreign country, for example Heads of State or of government, senior politicians, senior government, judicial or military officials, senior executives of state owned corporations, important political party officials. Business relationships with family members or close associates of PEPs involve reputational risks similar to those with PEPs themselves. The definition is not intended to cover middle ranking or more junior individuals in the foregoing categories.
FATF Recommendation 6:
'Financial institutions should, in relation to Politically Exposed Persons, in addition to performing normal due diligence measures:
- Have appropriate risk management systems to determine whether the customer is a Politically Exposed Person.
- Obtain senior management approval for establishing business relationships with such customers.'
During the past couple of decades, several top financial institutions in the world learnt the value of PEP due diligence the hard way. Several Swiss Banking Houses suffered much public embarrassment relating to their dealings with Ferdinand Marcos, the Philippines’ infamous tenth president, and his family.
When it emerged that the dictator and his wife, the 'Steel Butterfly', had robbed the Philippine government of millions of dollars and deposited their loot in Swiss bank accounts, the resultant financial scandal and lingering bad publicity pointedly illustrated the need for knowing who your customers are, and to be aware of what they are doing financially. The scandal is generally credited as the birthing event of PEPs and PEP compliance legislation.
The term 'Politically Exposed Person' has since been use in the Swiss banking community and was originally created to define a category of high-profile clients that carries a measure of reputational risk. Within the financial services industry, PEP Due Diligence thus evolved from the need for an 'early warning system' against reputational risk.
Over time, however, emerging Anti Money Laundering laws and PEP specific legislation would make PEP Due Diligence a legal requirement for most regulated financial services providers.
PEP and your intuition
During the last couple of decades, PEPs have become a profoundly misunderstood clientele of the broader financial community. Yet in principle, there is nothing wrong with doing business with a Politically Exposed Person, provided that a number of due diligence criteria are met on an ongoing basis. PEPs are by no means necessarily money launderers or embezzlers, nor automatically involved in corrupt financial practices.
What differentiates PEPs from other categories of financial clients is their position within a country or similar public structure, or their association with a political officeholder. It is not that PEPs are predisposed to committing financial crimes, but rather that their position, in relation to state funds and other ‘cookie jar’ opportunities, significantly heightens the risk that they may do something corrupt, fraudulent or otherwise illegal. Statistically and historically speaking, PEPs therefore pose an increased reputational risk to service providers in industries where a good name can be the difference between profitability and closure. A PEP’s relative heightened-risk status, stemming from their position of influence within specific structures (or their relationship to someone in such a position), is also largely influenced by the operational, financial, geopolitical and governance risks associated with their country of origin.
Against this backdrop, characterised by state-specific structural and governance nuances, effective risk mitigation and its underlying Client Due Diligence practices become a key consideration for service providers wishing to do business with this category of highly influential and often wealthy individuals.
The allure of the PEP
PEPs are often high net-worth and prestigious individuals and thus highly sought after as private clients. A 'clean' PEP’s source of wealth, their position (or exposure to someone in a high position) and income-generating activities are transparent and able to withstand scrutiny. A 'dirty' PEP, on the other hand, is a problem.
Dirty PEPs will go out of their way to conceal not only their identity, but the source of their wealth as well. It therefore comes as no surprise that PEPs often look to bank their money in countries other than their own. The most common forms of PEP concealment entail the use of a family member or associate through whom access to the banking system is gained, or alternatively, the formation of a company, trust, charity or similar financial or fiduciary vehicle to facilitate legitimate transactions.
As the financial community has become better at identifying PEPs and keeping the corrupt ones from accessing the financial system, so the trust and legal communities in particular have come to face an increased risk stemming from illicit PEP concealment practices.
What needs to be understood, however, is that PEPs are not automatically to be treated as 'high risk', but rather that they may potentially constitute a reputational risk.
Treatment of PEPs verses other high risk clients
In terms of the FATF standards, specific action should be taken in relation to PEPs as a category of high-risk client. In addition to performing customer due diligence measures, banks, including FSPs, should put in place appropriate risk management systems to determine whether a customer, a potential customer or the beneficial owner is a PEP.
In addition, banks and FSPs should:
- obtain senior management approval for establishing business relationships with a PEP. When the client has been accepted, the bank/FSP should be required to obtain senior management approval to continue the business relationship;
- take reasonable measures to establish the source of wealth and the source of funds of customers and the beneficial owners identified as PEPs;
- conduct enhanced ongoing monitoring of a relationship with a PEP.
Policies for dealing with PEP
Given that the definition of a PEP can differ from country to country and the exposure probably varies by the type of institution, identifying PEPs can be difficult, particularly, if the client fails to provide information or even gives false information. Despite all FSP’s efforts at recognising PEPs, it is a fact that they do not have the necessary powers, means or information at their disposal to detect such a person. FSPs rely on the information they are given by clients and that can be gleaned from business documents. When close associates or family members of PEPs transact or establish a business relationship with a FSP, it is often impossible to establish if it amounts to “PEP relationship” on the basis of limited information available to the FSP. It can make sense, therefore, to identify the PEPs who are within your customer base.
PEPs are generally believed to present a potential for elevated risk to banks and FSP, regardless of the product or service they choose. Likewise, private banking is considered to be a product that presents higher risk, regardless of the customers who choose it. In their overall efforts to mitigate money laundering risk, more and more financial institutions are scanning their entire customer base rather than limiting their scanning to suspicious customers only. Banks and FSPs may also introduce a threshold and any person with aggregate deposits exceeding the threshold used may be scanned.
Another argument in favor of scanning is that PEP scanning software is now readily available. In the past, it may not have been reasonable to expect banks and FSPs to scan all customers against PEP lists, but technology has lessened the burden considerably. Supervisory bodies have noticed that more vendors are now offering tools for PEP scanning, so the barriers present only a few years ago have been reduced significantly. Several financial institutions have made the choice to scan all customers against PEP lists because of potential vulnerabilities and as part of their AML efforts, particularly if they have already implemented scanning software in their organisations.
FSPs should therefore develop anti-money laundering (AML) programs that are commensurate with certain risks. In order for the program to be risk-based, FSPs are generally expected to conduct a risk analysis, specifically evaluating AML risk stemming from customers, products and services, the industry they operate in, and location. As part of the risk framework, potential customers must be scanned against the PEP list and UN 1267 list (list of individuals and entities belonging to or associated with the Taliban and Al-Qaida). FSPs must also conduct identity authentication by doing some “reference checks” and search the internet “Google”. Banks and FSPs should not miss PEPs for failing to pursue proper due diligence.
How to proceed in recognising a PEP
(Or families/close associates of such a person in terms of AML.)
Identifying PEPs can be a difficult undertaking, particularly, if the client fails to provide important information or even gives false information. Despite all the accountable institution’s efforts at recognising PEPs, it is a fact that they do not have the necessary powers, means nor information at their disposal to detect such persons. FSPs can be restricted in what information they can obtain. They must rely on the information they are given by clients and that can be gleaned from business documents or even from the media. In particular, when close associates or families of a Politically Exposed Person open a business relationship with a FSP it is often impossible to establish that relationship a 'PEP relationship' on the basis of the limited information available to the firm.
The following prompts might - in addition to the standardized KYC procedures we all know - be appropriate to recognise a PEP:
The question of whether clients or other persons involved in the business relationship (see below) perform a political function should form part of the standardised account opening process, especially in cases of clients from corruption-prone countries. Let’s have some fun and name some … Nigeria, Indonesia perhaps, what about that little island paradise off Russia!
To let client advisors deal exclusively with clients from a specific country/region might improve their knowledge and understanding of the political situation in that country/region.
The issue of PEPs can form part of the regular KYC training programmes.
FSPs may use databases listing names of Politically Exposed Persons (and their entourage). In this regard, it would be helpful if authorities issuing directives on how to deal with Politically Exposed Person would support the FSP firms. That would be a luxury, wouldn't it?
At the heart of the PEP issue lies risk
PEPs constitute a reputational risk, rather than mere regulatory or non-compliance risk, as the scandal that sunk American bank Riggs illustrated. Once one of the United States’ financial flagship institutions, the bank paid the ultimate price for its inadequate due diligence processes.
Although regulation prescribing Enhanced Due Diligence (EDD) has been in place in industries such as the Swiss banking and financial sectors for many years, bankers were learning the hard and rather public way that bad guys with dirty money have lots to hide -namely not only their illicit funds, but their identities as well.
In many recent high-profile cases, it has been non-family members, including highly respected 'advisors' and lawyers, accountants and diplomats who have, in most cases unwittingly, assisted in camouflaging and laundering dirty money. One of the most prominent examples of this trend is the case of former Zambian President Frederick Chiluba, where Meer Care & Desai, the law firm representing him, was implicated as well.
As regulation becomes more effective in closing the net on fraudsters, money launderers and other white-collar criminals, so the importance of those 'exposed' to the political officeholder is becoming the subject of increased regulatory scrutiny. Without any doubt, there have been bankers who have weighed the risk, considered the reward and decided to take a chance. Yet in many such cases, it is not simply that the 'bad guy' is so clever, but rather that his banker is either so greedy, or under such pressure to meet targets, that leads to dubious accounts being opened.
Other lesser-known cases either affected fewer institutions, or did not quite capture the media’s attention in quite the same way a corrupt dictator or thieving strongman may have – but the risks involved are no less grave, and the dangers of PEP-related exposure remain high.
What we need to ask ourselves is: who will feature in the next front-page exposé? Whose hidden accounts will governments spend decades fighting over? Will it be Dos Santos of Angola or perhaps Fidel Castro of Cuba? Which institution will find its name and reputation tarnished; see its shares plummet or indeed have to find a buyer, as Riggs Bank did?
Have you truly understood your PEP screening requirements, identified your PEP risk, and set out to implement a PEP policy that will protect your institution, its reputation and indeed, your job?
PEP case studies
We have in the last few years publicly witnessed the damage a badly managed PEP relationship or policy (or indeed lack thereof) can cause. The highest profile PEP case was Riggs Bank, which banked both General Augusta Pinochet (and tried to conceal this relationship), and Equatorial Guinea’s long-term president, Brigadier General Teodoro Obiang Nguema Mbasogo.
Prior to its fall from grace, Riggs boasted a near-exclusive franchise on private banking with Washington DC’s Diplomatic Community, and a significant percentage of London’s diplomats. After more than 160 years as the most prestigious private bank in the United States of America, Riggs saw things fall apart in the last three years of its existence. The cost of non-compliance at Riggs can be set in the region of $200 million. This included fines and shareholder settlements of approximately $59 million, and legal and consulting fees of approximately $35 million.
Yet ultimately, the clearest indicator of lost reputation was arguably the loss in Riggs’ share value. On 15 June 2004, Riggs accepted an offer by PNC of $24.25 per share. On 10 February 2005, the bank accepted a renegotiated price of $20 per share – a drop of 20% in just of 8 months.
Indeed, this disastrous end to what was a highly respected institution cannot solely be put down to a bad PEP relationship or two, but is rather attributable to the lack of a sound compliance culture. The bank was at no time unaware of whom they were dealing with, but rather paid the price for how they chose to deal with such matters and Politically Exposed clients in general.
Trusts and PEP risks
Trusts and PEP identity concealment is another high-risk area. It must be stressed that it is not exclusively offshore vehicles that are used to conceal the identities and questionable wealth of PEPs. Further to this, there is a false sense of security when carrying out due diligence on or dealing with an onshore company, trust, foundation or charity, in comparison to the equivalent offshore vehicles.
The registration of a company in most onshore jurisdictions carries little or no KYC requirements on the beneficiaries, owners or company directors. The knowledge that a company is registered in the United Kingdom, the United States or in the EU, as opposed to some small tax haven island nation, for some reason would appear to make us think it must be above board.
Many trusts are formed for legitimate personal or business purposes. They are formed for everyday legitimate purposes such as inheritance management, succession planning and the education of minors. Trusts also play a major role in commercial transactions such as securitisations, and in socially beneficial areas such as pension schemes, employee benefit schemes and legitimate charities.
Whether onshore or offshore, trusts can provide a valuable tool for the money launderer and corrupt PEP alike. The establishment of a trust will always increase the challenge for the authorities of identifying the beneficial owner of the funds or assets settled into trust. If the trust is established in a poorly regulated jurisdiction, which has strict confidentiality laws, anonymity can be virtually assured. Where there is such a lack of transparency within a trust, this will provide a significant advantage to the money launderer.
PEPs and money laundering
The vulnerability of trusts and similar financial vehicles cannot be examined without the focus also shifting to money laundering. The term is itself a bit of a misnomer; but in order to accurately describe money laundering, it is important to initially examine what it is not.
Money laundering is not an activity that exclusively involves actual money; any form of asset or property that is derived in whole or in part from criminal activities, whether directly or indirectly. The term 'laundering' encourages the perception that it is a form of process by which criminals seek to wash or clean their criminal property, so as to alter its form or appearance. The common perception is that money launderers seek to achieve this by utilising a number of different types of products, services, currency and jurisdictions, yet this is not always the case.
Consider the following hypothetical example: In 1999, a lawyer acting on behalf of a corrupt PEP settled a luxury penthouse apartment, previously purchased with the proceeds of crime, into a trust. This trust is administered by a trust company service provider. The property has remained in the trust for nearly a decade.
Is the trust company laundering the property? The answer is yes, despite the fact that the trust company has not changed or converted the property or disguised it in any way.
The common perception is that criminals, including corrupt PEPs, have as their money laundering objectives the avoidance of detection, prosecution and the confiscation of their criminal proceeds. Whilst this is often the case, there have also been numerous cases where PEPs and criminals have sought not to convert their properties, but rather to disguise the fact that they own these assets.
To achieve this objective, such criminals PEPs or the entities acting on their behalf attempt to camouflage or sever the connection between themselves and any property that could link them to criminal activities. Money laundering is therefore as much about disguising ownership of property as it is about converting or 'washing' criminally obtained or funded property.
Jack Abramoff, former Republican 'super lobbyist' and now-convicted felon, collected tens of millions extorted from Indian tribal gambling operations. Abramoff allegedly used auspiciously named non-profit, 501(c) (4) lobbying organisations such as Americans for Tax Reform and Citizens Against Government Waste as a front group for corporate interests.
These fronts were used as a conduit for receiving large fees and donations, much of which was used to buy influence from Washington Republican figures, but a considerable amount was also used for self-enrichment and personal projects. He pleaded guilty to conspiracy to corrupt public officials, defrauding clients and tax evasion charges, and was sentenced to 5 years and 10 months in prison.
The importance of PEP due diligence
PEP due diligence has far less to do with PEP identification than it has to do with risk detection. A database that merely confirms that an individual is a PEP is of little value to financial institutions. What institutions require is much more than that, it’s the information on the associates, middlemen, relatives, companies and trusts that often reveal the level of risk, for it is through these vehicles that a ‘bad’ PEP will carry out the illicit activities. Remember there are many honest PEPs that you would want to have as customers, what is key when it comes to PEP due diligence, is having precise risk-relevant information that will allow you to measure your risk exposure and help you make the right decisions.
Therefore, in order to be able to mitigate PEP risk, you require more than just PEP identification data. You require information that is risk-relevant. In simple terms, a database that confirms that Mr A and Mr B are both political officeholders, but fails to mention which of these two gentlemen is currently under investigation for bribery and corruption, is useless to you. The value of PEP due diligence lies in identifying the risk of bribery and corruption; not in confirming that an individual exists.
A true PEP solution, unlike a “Who’s Who” Directory, will tell you that Mr A’s brother-in-law is an arms dealer, and Mr B’s wife is the arms dealer’s sister. It will tell you behind which company Mr. A’s brother-in-law is hiding his activities, and that Mr. B is not only a board member and trustee of this company, but also a convicted trafficker of narcotics. This amounts to relevant PEP risk intelligence, which makes for effective due diligence.
A copy of a passport and 10 ticked boxes won’t suffice – and it certainly won’t get your organisation off the hook with the Regulator when things go wrong. No bank would look forward to appearing on the front page of the Financial Times or the Wall Street Journal in relation to an account that holds the ill-gotten gains of a corrupt, senior government official. In fact, banks will and do go to great lengths to ensure they stay out of the media when the news could damage their reputation. Millions of dollars are spent each year in ensuring that society, your customers and peers perceive your institution in a favourable light. Free press that comes with doing business with the ‘bad guys’ is not what your Directors had in mind.
Addressing the compliance challenge
In order for a compliance strategy to remain sufficient, both in terms of current and future regulatory mandates and effective risk management, it needs to be risk-based, and remain ahead of the curve – on all fronts, and at all times.
In order for a regulatory compliance solution to fully address the PEP challenge, several conditions have to be met:
- Adherence to an Evolving PEP Definition -
Considering the fact that official definitions and legislation are not updated regularly, there exists the real possibility of dangerous PEPs slipping through the cracks and harming your institution’s reputation, if it merely conforms to currently prescribed definitions. As such, using an evolving PEP definition in creating your organisation’s compliance framework, is critical.
- Robust Name and PEP-Related Risk Factor Matching Mechanisms -
Mitigating your organisation’s PEP risk requires a combination of highly structured risk-relevant data, a comprehensive PEP definition and identity matching mechanisms that connect the dots, taking linguistic, regional naming conventions, associations and aliases into account. An effective system should produce as low a percentage of false positives or inaccurate false alarm matches as possible.
- Routine Client and Transactional Filtering -
Given the fact that persons become 'politically exposed' on a daily basis, and that questionable transactions can take place at any moment, a robust technological infrastructure is required in order to conduct regular client screenings swiftly and accurately.
PEP databases like Truity in South Africa
Given the fact that PEPs are often foreign nationals, a comprehensive PEP compliance solution would require a risk intelligence database that:
- is global in its scope;
- is updated in real-time on a 24/7 basis;
- allows for the automated screening of an entire client base. (Only a meticulously structured database where not a comma, letter or full stop is out of place, will allow for a seamless integration in an automated environment).
Electronically Verifiable Proof of Due Diligence - Whilst protecting the reputation and integrity of your institution is the most important consideration when tackling PEPs, their identification and monitoring is also a regulatory requirement and hence being able to produce proof of your best due-diligence efforts is of utmost importance. Increasingly regulatory bodies are demanding that financial institutions provide electronically auditable proof of diligence.
PEP Compliance Checklist
With all the pitfalls, how does one still do business with PEPs?
- Ensure you carry out KYC and Enhanced Due Diligence on companies, foundations, charities and trusts in the way you do with individuals.
- Treat onshore and offshore vehicles in the same manner.
- Having identified a PEP, assess your risk in dealing with this person. Consider the country and its government, the person’s position and their potential exposure to corruption and bribery. Understand the PEP’s business requirements of your institution.
- Carry out regular reviews of all customers and even more regular reviews of all PEPs.
- Understand that it might be an ‘Exposed Person’ you are looking for and not an actual ‘office holder’.
- Ensure you are fully aware of and have carried out KYC on all signatories on all accounts but especially PEP accounts.
- Ensure you have carried out KYC on all credit card and additional credit card holders.
- Have a well thought-out and even better executed KYC and PEP policy and culture throughout your organisation.
No single person in your organisation should have total control over PEP customers or PEP matters. Ensure counter-signatories on everything PEP related.